1,000 exposed database has been wiped out by ‘Meow’ Attack

Recently, there is a latest automated malware attack where it has been a threat that been hit around 1,000 unprotected databases such as ElasticSearch. The attack will begin with the scanning activity which it will be without compromise the account control and overwriting any content that stored inside the database.

Tens of thousands from databases such as MongoDB and ElasticSearch instance have been compromised by Krakeno malware previously around in 2017, which cause havoc by widespread loss of data.

Bob Diachenko’s expertise would be in data breach research have discovered the ‘Meow’ bot had overwritten the information within ElasticSearch instance when he had been looking into any virtual network providers

One threat researchers which only known as ‘heige‘, a Chinese CyberSecurity firm KnowSec have found from ZoomEye (A search engine that uses the same function as Shodan) which resulting a similar attack

Below is the sample of the ‘meow’ incident where the index has been modified -meow for the files.

Source: Bleepingcomputer – New ‘Meow’ attack has wiped over 1,800 unsecured databases

Recently, Victor Gevers, the chairman of the non-profit GDI Foundation, is another people that notice the ‘meow’ attack pattern which happens a few hours after a volunteer from GDI has reported and disclosed the attack to the stakeholders of the database.

Source: Bleepingcomputer – New ‘Meow’ attack has wiped over 1,800 unsecured databases

A scan result from Shodan website that been done by Diachenko have showed over 500 open instance of ElasticSearch around the world which been hosted by Amazon Web Service, Azure, Google Cloud and so on. Some of the instance is also notified hosted within Australia.


Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *